A security vulnerability report arrived which went roughly like this:
When you programmatically enable the XYZ feature, the user receives no visual alert that it is enabled. As a result, malware can enable this feature and use it as part of an attempt to turn the machine into a botnet zombie. The XYZ feature should notify the user when it is ...